SNMP vs Netflow measurements on the same interface will not be identical for several reasons: * SNMP measures layer 2 traffic, while netflow measures layer 3 * there is asynchroneous readings of snmp counters vs netflow * netflow depends on flows being expired (ideally every 5 minutes) * netflow sampling distorts values the most at low traffic values
Ideally SNMP and netflow shouldn't be more than 10% apart, but snmp is built for accuracy while netflow's goal is to export metadata. On Wed, Nov 27, 2019, 16:43 Jeronimo L. Cabral <jelocab...@gmail.com> wrote: > Dear, I have Nfsen + Nfdump running OK. > > I set an alarm for all the incoming traffic where the DST NET is my public > IP block. But If I compare this traffic curve against the SNMP incoming > traffic curve from Zabbix, both curves are not similar. > > My question is: traffic measure by Netflow vs. traffic measure by SNMP > should be the same ??? > > Because I wanna use Nfsen to set an alarm where "incoming traffic to DST > NET x.x.x.x (my own IP public block) reaches 30 Mbps"....But if you tell > Netflow does not have to be used for this situation, I have to discard it. > > Thanks and greetings !!! > _______________________________________________ > Nfsen-discuss mailing list > Nfsen-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss >
_______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
